option ca /etc/openvpn/ca.crt
 option cert /etc/openvpn/vpn_server_lan1.dyndns.biz.crt
 option key /etc/openvpn/vpn_server_lan1.dyndns.biz.key
 option dh /etc/openvpn/dh1024.pem

--ns-cert-type client|server
    Require that peer certificate was signed with an explicit nsCertType designation of "client" or "server".

    This is a useful security option for clients, to ensure that the host they connect with is a designated server.

    See the easy-rsa/build-key-server script for an example of how to generate a certificate with the nsCertType field set to "server".

    If the server certificate's nsCertType field is set to "server", then the clients can verify this with --ns-cert-type server.

    This is an important security precaution to protect against a man-in-the-middle attack where an authorized client attempts to connect to another client by impersonating the server. The attack is easily prevented by having clients verify the server certificate using any one of --ns-cert-type, --tls-remote, or --tls-verify. 

May 18 20:20:11 peveril daemon.err openvpn(Client_OpenVPN)[12502]: Options error: --ifconfig-pool/--ifconfig-pool-persist requires --mode server
May 18 20:20:11 peveril daemon.warn openvpn(Client_OpenVPN)[12502]: Use --help for more information.

May 18 20:36:12 peveril daemon.err openvpn(Client_OpenVPN)[12771]: Connection reset, restarting [0]
May 18 20:36:12 peveril daemon.notice openvpn(Client_OpenVPN)[12771]: TCP/UDP: Closing socket
May 18 20:36:12 peveril daemon.notice openvpn(Client_OpenVPN)[12771]: SIGUSR1[soft,connection-reset] received, process restarting
May 18 20:36:12 peveril daemon.notice openvpn(Client_OpenVPN)[12771]: Restart pause, 10 second(s)

May 18 21:37:45 Felixa daemon.notice openvpn(Server_OpenVPN)[4057]: MULTI: multi_create_instance called
May 18 21:37:45 Felixa daemon.notice openvpn(Server_OpenVPN)[4057]: Re-using SSL/TLS context
May 18 21:37:45 Felixa daemon.notice openvpn(Server_OpenVPN)[4057]: LZO compression initialized
May 18 21:37:45 Felixa daemon.notice openvpn(Server_OpenVPN)[4057]: Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
May 18 21:37:45 Felixa daemon.notice openvpn(Server_OpenVPN)[4057]: Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
May 18 21:37:45 Felixa daemon.notice openvpn(Server_OpenVPN)[4057]: TCP connection established with 82.9.47.45:39325
May 18 21:37:45 Felixa daemon.notice openvpn(Server_OpenVPN)[4057]: TCPv4_SERVER link local: [undef]
May 18 21:37:45 Felixa daemon.notice openvpn(Server_OpenVPN)[4057]: TCPv4_SERVER link remote: 82.9.47.45:39325
May 18 21:37:46 Felixa daemon.notice openvpn(Server_OpenVPN)[4057]: 82.9.47.45:39325 TLS: Initial packet from 82.9.47.45:39325, sid=dcbb1f81 2be7e8c7
May 18 21:37:49 Felixa daemon.notice openvpn(Server_OpenVPN)[4057]: 82.9.47.45:39325 VERIFY OK: depth=1, /C=PL/ST=kujawsko-pomorskie/L=Bydgoszcz/O=Domostwo/CN=Domostwo_CA/emailAddress=admin@pinklerose.pl
May 18 21:37:49 Felixa daemon.notice openvpn(Server_OpenVPN)[4057]: 82.9.47.45:39325 VERIFY nsCertType ERROR: /C=PL/ST=kujawsko-pomorskie/L=Bydgoszcz/O=Domostwo/CN=peveril/emailAddress=admin@pinklerose.pl, require nsCertType=CLIENT
May 18 21:37:49 Felixa daemon.err openvpn(Server_OpenVPN)[4057]: 82.9.47.45:39325 TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:lib(20):func(137):reason(178)
May 18 21:37:49 Felixa daemon.err openvpn(Server_OpenVPN)[4057]: 82.9.47.45:39325 TLS Error: TLS object -> incoming plaintext read error
May 18 21:37:49 Felixa daemon.err openvpn(Server_OpenVPN)[4057]: 82.9.47.45:39325 TLS Error: TLS handshake failed
May 18 21:37:49 Felixa daemon.err openvpn(Server_OpenVPN)[4057]: 82.9.47.45:39325 Fatal TLS error (check_tls_errors_co), restarting
May 18 21:37:49 Felixa daemon.notice openvpn(Server_OpenVPN)[4057]: 82.9.47.45:39325 SIGUSR1[soft,tls-error] received, client-instance restarting
May 18 21:37:49 Felixa daemon.notice openvpn(Server_OpenVPN)[4057]: TCP/UDP: Closing socket